Seeking Security and Opportunity in the Satellite Cold War

As satellite networks grow -- and may intertwine private and government elements -- what security concerns will arise?

Joao-Pierre S. Ruth, Senior Editor

November 7, 2023

5 Min Read
3D rendering of a satellite orbiting the earth
Jose Luis Stephens via Alamy Stock Photo

At a Glance

  • NIST published the final Cybersecurity Framework Profile for Hybrid Satellite Networks.
  • Hybrid satellite networks could bring private, independent satellites in contact with government infrastructure.
  • Private operators and nation states face security concerns along with opportunities in space.

A federal agency has set in motion steps to further secure the rapidly populating frontier of satellites where private, independent satellites might interact with government infrastructure.

The spread of these hybrid satellite networks is a sign of more players getting into space, which could increase the potential for bad actors to disrupt, ransom, steal, or damage data and other assets connected to the satellites.   

In late September, the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence published its final Cybersecurity Framework Profile for Hybrid Satellite Networks (NIST IR 8441). That was one of several, ongoing moves by regulators to better secure operations of satellite systems as these networks might see components from the private and public sector interact.

One of NIST’s concerns is that these hybrid networks might connect with government systems and critical infrastructure. According to NIST’s statement, the framework was necessary to better assess the security posture of components within such networks.

In addition to bad actors driven by personal or monetary interests by seizing data, hackers acting on behalf of rival nation states might look to the stars to further geopolitical aggression by seizing control of satellites. “You don’t know what may happen if they move it to a different orbit or try to collide it with something,” says Jeff Hall, principal security consultant and North American aerospace lead at IT security company NCC Group.

Related:US Agencies Call for Strengthened Cybersecurity in the Space Industry

He says hybrid satellite networks are amalgamations that include public-private ventures where different networks have all been combined into one. “In the past, hybrid satellite networks weren’t really a thing,” Hall says. “It was mostly just government controlled with government networks, so they didn't have to worry so much about external entities interfacing with their systems.”

Each time another connection or touchpoint is added to a network, Hall says, different threat scenarios might come into play. This can be especially true among hybrid satellite networks. “All these other entities may have third parties providing services to them, which may also have connections to their network,” he says.

Security concerns escalate with the multitude of connections, a change from prior eras when satellites were in limited hands. “These were communication networks and methods that weren’t really used before because the government controlled their stuff,” Hall says. “They usually had their own encrypted links.” Encryption might be widespread these days, but the caliber of that security might come into question. “A lot of these entities I don’t believe are using NSA Type 1 encryption,” he says.

Related:AI-Driven Satellite Connectivity Linking Up IoT, Edge Computing

In its abstract about the framework, NIST describes a transition in the space sector towards hybrid satellite networks, which includes antennae, satellites, terminals, and other elements under independent ownership and operation that make up a satellite system. The challenge is those different elements might have disparate security levels.

The ascent of hybrid satellite networks comes at a time when non-terrestrial communications and data flow are of great importance to the private and public sectors. For example, Earth observation data company Capella Space turned to AWS a couple of years ago to handle downlinks from its satellites. On the government side, NIST is far from the only agency with its eyes on space. This summer saw the Federal Bureau of Investigation, the National Counterintelligence and Security Center, and others introduce their advisory “Safeguarding the US Space Industry.”

At last year’s Blackberry Summit in New York City, Col. Jennifer Krolikowski, CIO for US Space Systems Command in the US Space Force, spoke about cybersecurity concerns and threats in space the military pays attention, especially the actions of rival nation states. She noted that the accelerated satellite launches from China saw that country escalate over the prior 15 years from 30 satellite launches per year to more than 600.

Related:Space: The Next Tech Industry Frontier?

The race to space is underway from the private sector. Michael Misrahi, EY Americas telecommunications leader with the strategy and consulting firm, says the growth of the satellite sector is an important part of further development of 5G wireless and other escalating communication needs. “For a very long time, we have relied on increasingly faster, more capable forms of wirelines of fiber infrastructure to really support enterprise applications,” he says. “In some enterprise segments or verticals such as manufacturing or anything that has warehouses or supply chain logistics there may be some form of wireless that is in a part of the business model.”

Connectivity through satellite has historically played a role in such operations, especially in remote areas, Misrahi says, whether that is by land, sea, or air, which has been an important development within the communication space for enterprise 5G wireless. Promises of 5G communications include high reliability, high-quality broadband connection, as well as security to connect potentially hundreds or thousands of devices, he says.

Furthermore, previously siloed modes of communication are starting to mingle together. “New standards have been released around connecting and making cellular and satellite interoperable,” Misrahi says. “We’re beginning to see very successful trials that have everything to do with not just voice and SMS, but also data.”

There are three forms of satellite at play: the low Earth orbiting satellite is what we typically think about when we are talking about 5G, but you may also be able to use medium Earth orbit and geosynchronous orbit.” The specs and capabilities for each orbit differ, he says. With an influx of more private sector organizations eyeing launches into space, activity among the stars is picking up.

“We’re getting a whole set of new entrants into the market,” Misrahi says. “Over the past 10 years or so, it really has accelerated, but the past few years has become much more prominent and discussed.” Industries that saw high adoption of satellites historically include energy and utilities, oil and gas, though transportation, logistics, aviation, defense and other government entities also naturally use satellites, he says.

The push to further technology such as AI might also change data and communications models in the future. “If we continue the trend that we're on right now, we will move from a 5G cloud core transformation to an AI native network,” Misrahi says. “The ability to control and make all of these things interoperable gives us a whole new set of capabilities.” That could also make aspects of 5G that were promised much easier to deliver to the market, he says.

About the Author(s)

Joao-Pierre S. Ruth

Senior Editor

Joao-Pierre S. Ruth covers tech policy, including ethics, privacy, legislation, and risk; fintech; code strategy; and cloud & edge computing for InformationWeek. He has been a journalist for more than 25 years, reporting on business and technology first in New Jersey, then covering the New York tech startup community, and later as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight. Follow him on Twitter: @jpruth.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights